- tor-project - lists.torproject.org

Anti-censorship team meeting notes, 2022-12-22
by meskio 22 Dec '22

22 Dec '22

Hey everyone! Here is our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-12-22-15.57.html And our meeting pad: Anti-censorship team meeting pad -------------------------------- Next meeting: Thursday, January 12 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 == Announcements == * No meetings December 29 neither January 5. We'll be AFK Dec 22 - Jan 7 == Discussion == * == Actions == * == Interesting links == == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2022-11-24 Last week: - wrote a fix to make go fmt CI more verbose (snowflake!122) This week: - continue work on conjure client - more work on reputation-based bridge dist - fixup snowflake!108 Needs help with: dcf: 2022-12-14 Last week: - snowflake CDN bookkeeping https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… Next week: - make obfs4 distinguishability reports public - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 Help with: meskio: 2022-12-22 Last week: - poke outdated bridge operators (obfs4#40008) - fix onionsproutsbot bug with journald (onionsproutsbot#47) - Circumvention Settings recommends obfs4 bridges in Russia (rdsys-admin!11) - Investigate broken descriptors (bridgedb-admin#4) Next week/after holidays: - add localization support to rdsys (rdsys#11) - publish obfs4 deofuscation bugs Shelikhoo: 2022-12-08 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request] Update to support chunked upload of probe log(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurem… - [Merge Request] Add Resumable Upload to Log Collector (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - [Research] WebTunnel planning (Continue) Itchy Onion: 2022-12-15 Last week: - worked on RACE performance issue - [Merge Request Done] "Abbreviate `ice` list in bridge lines" - reviewed some MRs This week: - Work on the RACE performance issue - [Merge Request Done] Fix duplicate snowflake server flag - Work on adding Outbound address option to snwoflake server hackerncoder: 2022-12-22 last week: - getting ooni-exporter setup on a personal server - worked on ooni-exporter https://gitlab.torproject.org/hackerncoder/ooni-exporter Next week/after holiday: - figure out what makes ooni-exporter put all reports from a country in either success or failure - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health cece: 2022-12-22 This week: - working on creating a dummy WhatsApp bot Next week: - My bot is not yet working as expected s still trying to figure that out Help with: - resources -- meskio | https://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: https://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.

1 0

Re: [tor-project] Tor Browser Bundle on Guix
by Jim Newsome 19 Dec '22

19 Dec '22

Makes sense! I'm just dipping my toe into Guix and definitely not looking to take on maintainership of packages there at the moment. Was sharing the info primarily for other individuals running Guix who may want to run Tor Browser. Maybe the wiki, on or around this page would be a good place to document this sort of distro-specific workaround in the meantime? https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Platform… The list of runtime dependencies (e.g. libssl @ v1, libevent, ...) may be more generally useful for running on Linux, since I imagine someone on any distro could run into problems if they happen to not have those installed. What is the procedure for proposing/making edits to the the Tor Browser wiki, anyway? On 12/19/22 06:41, Richard Pospesel wrote: > So I think in general we (applications team) don't want to support every > possible distribution format out there/be smart about which ones we *do* > support in terms of maximizing reach/going where the users are. > > But that said there are a few downstream re-packagers (Tails, > torbrowser-launcher/ BSD, etc) that we don't want to break. If this is > something you (or someone else) wants to build+maintain, then we can add > you to the list of folks who get early notification of new browser > releases, potentially breaking changes, etc. I think we're also > generally in favor (within reason, case by case basis, etc) of taking > patches to the browser itself for things which make downstream packaging > easier or less complicated. > > best, > -Richard > > On 12/17/22 00:06, Jim Newsome wrote: >> Possibly of interest to browser and/or guix folks - >> >> I was experimenting with the [Guix System Distro] on my laptop, and >> managed to get Tor Browser Bundle running with a relatively new >> feature `--emulate-fhs`. Details below. I haven't messed with it too >> much yet, so I wouldn't be surprised if the runtime dependency list >> below is missing some, which may result in runtime errors. >> >> It'd be nice to get it packaged properly, but probably not high >> priority in terms of wide user reach. It's essentially an OS for >> people who think [NixOS] is too mainstream ;P >> >> Maybe I'll get around to poking at it sometime; they have other >> firefox variants in there (icecat), so that might be a reasonable >> starting point. >> >> [Guix System Distro]: https://guix.gnu.org/ >> [NixOS]: https://nixos.org/ >> >> -------- Forwarded Message -------- >> Subject: re: Drafting a Guix blog post on the FHS container >> Date: Fri, 16 Dec 2022 17:39:21 -0600 >> From: Jim Newsome <jim(a)sporksmith.net> >> To: john.kehayias(a)protonmail.com, help-guix(a)gnu.org, guix-devel(a)gnu.org >> >> Sorry for (presumably) breaking threading; I came across this online >> and don't see a way to set my in-reply-to-email header properly. >> >> Anyways just thought I'd mention that I recently learned about this >> feature, and was able to use it to get a downloaded [Tor Browser >> Bundle] running with: >> >> >> ``` >> guix shell \ >> --container \ >> --network \ >> --emulate-fhs \ >> --preserve='^DISPLAY$' >> --share=/run/user/$(id -u)/gdm \ >> openssl@1 \ >> libevent \ >> pciutils \ >> dbus-glib \ >> bash \ >> libgccjit \ >> libcxx \ >> gtk+ \ >> coreutils \ >> grep \ >> sed \ >> file \ >> alsa-lib \ >> -- \ >> ./start-tor-browser.desktop -v >> ``` >> >> `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to >> get access to the display. I'm not sure the second parameter is >> universally correct; I reverse-engineered it via roughly `ps aux | >> grep -- -auth`. >> >> The `-v` parameter to the browser script keeps it from trying to >> background itself, which otherwise causes the container and browser to >> terminate. >> >> It'd ultimately be nice to package the Tor Browser Bundle properly for >> guix, but it's nice to be able to use it this way in the meantime. >> >> -Jim >> >> [Tor Browser Bundle]: https://www.torproject.org/download/ >> _______________________________________________ >> tor-project mailing list >> tor-project(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project > > _______________________________________________ > tor-project mailing list > tor-project(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

2 1

Tor Browser Bundle on Guix
by Jim Newsome 19 Dec '22

19 Dec '22

Possibly of interest to browser and/or guix folks - I was experimenting with the [Guix System Distro] on my laptop, and managed to get Tor Browser Bundle running with a relatively new feature `--emulate-fhs`. Details below. I haven't messed with it too much yet, so I wouldn't be surprised if the runtime dependency list below is missing some, which may result in runtime errors. It'd be nice to get it packaged properly, but probably not high priority in terms of wide user reach. It's essentially an OS for people who think [NixOS] is too mainstream ;P Maybe I'll get around to poking at it sometime; they have other firefox variants in there (icecat), so that might be a reasonable starting point. [Guix System Distro]: https://guix.gnu.org/ [NixOS]: https://nixos.org/ -------- Forwarded Message -------- Subject: re: Drafting a Guix blog post on the FHS container Date: Fri, 16 Dec 2022 17:39:21 -0600 From: Jim Newsome <jim(a)sporksmith.net> To: john.kehayias(a)protonmail.com, help-guix(a)gnu.org, guix-devel(a)gnu.org Sorry for (presumably) breaking threading; I came across this online and don't see a way to set my in-reply-to-email header properly. Anyways just thought I'd mention that I recently learned about this feature, and was able to use it to get a downloaded [Tor Browser Bundle] running with: ``` guix shell \ --container \ --network \ --emulate-fhs \ --preserve='^DISPLAY$' --share=/run/user/$(id -u)/gdm \ openssl@1 \ libevent \ pciutils \ dbus-glib \ bash \ libgccjit \ libcxx \ gtk+ \ coreutils \ grep \ sed \ file \ alsa-lib \ -- \ ./start-tor-browser.desktop -v ``` `--preserve='^DISPLAY$'` and `--share=/run/user/$(id -u)/gdm` are to get access to the display. I'm not sure the second parameter is universally correct; I reverse-engineered it via roughly `ps aux | grep -- -auth`. The `-v` parameter to the browser script keeps it from trying to background itself, which otherwise causes the container and browser to terminate. It'd ultimately be nice to package the Tor Browser Bundle properly for guix, but it's nice to be able to use it this way in the meantime. -Jim [Tor Browser Bundle]: https://www.torproject.org/download/

2 1

disruption in email services
by Antoine Beaupré 15 Dec '22

15 Dec '22

Hi everyone, We've had reports of increasing delivery failure rates at other providers, particularly gmail, from multiple parties in the course of the last few weeks / months. It might be worth falling back to an alternative provider if you have access to one, for your @torproject.org email, otherwise you might miss some email. Inversely, if you have a hard requirement to reach @gmail.com people right now, you may want to use another provider or use a gmail account directly. We're working on emergency mitigations for this problem. I should come up with a proposal tomorrow and work should start next week. In the meantime, status.torproject.org has been updated. Feel free to circulate outside of this space, since many people here might not be able to read this message in the first place, of course. a. -- Antoine Beaupré torproject.org system administration

4 5

Tor user support team will be partly unavailable during the holidays (Dec 23 - Jan 4, 2023)
by gus 15 Dec '22

15 Dec '22

Hello, Tor User Support team will be partly unavailable between December 23, 2022, and January 4, 2023. If you reach out to us on our user support channels via email, Forum, Telegram, or Signal, our response may take a longer than usual. Please rest assured we will get back to your messages as soon as possible. Thank you! Gus Community Team Tor Project -- The Tor Project Community Team Lead

1 0

Tomorrow we hang out! Tor Localization Hangout from 12 UTC
by emma peel 15 Dec '22

15 Dec '22

Fellow translators! Tomorrow we hangout! The topics I propose are: - the move to weblate, how it is going, next steps - priorities to translate, new resources and strings - new African locales. Also: any other topics that you want to bring! Come over to hang out, on the #tor-l10n channel in OFTC. (you can also use Element https://element.io/ to connect: #tor-l10n:matrix.org) At 13 UTC we make a call on Big Blue Button: https://tor.meet.coop/emm-qmu-8o2-d2w If you are not a translator yet, you still have time to become one before the hangout. What do we do in a hangout? * Translate stuff * Share translation tips and resources * Complain about developers * Talk about translation priorities * Talk about our local contexts * Practice bug reporting and git skills More info: https://community.torproject.org/localization/hangouts/

1 0

Anti-censorship team meeting notes, 2022-12-15
by Itchy Onion 15 Dec '22

15 Dec '22

Hey everyone! Here is our meeting log: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-12-15-15.59.log… And our meeting pad: Anti-censorship team meeting pad-------------------------------- Next meeting: Thursday, Dec 15 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == - Our anti-censorship roadmap: - Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards - The anti-censorship team's wiki page: - https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home - Past meeting notes can be found at: - https://lists.torproject.org/pipermail/tor-project/ - Tickets that need reviews: from sponsors, we are working on: - All needs review tickets: - https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… - Sponsor 28 - must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 - possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… - Sponsor 96 - https://gitlab.torproject.org/groups/tpo/-/milestones/24 == Announcements == - No meetings December 29 neither January 5. We'll be AFK Dec 22 - Jan 7 == Discussion == - Is snowflake blocked in russia? - it doesn't seem to have much usage there and the vantage point seems to indicate it doesn't work - we'll change circumvention settings to recommend first obfs4 bridges == Actions == - we should investigate if snowflake is blocked in russia (circumvention settings is recommending snowflake in russia, I wonder if we should change that) == Interesting links == == Reading group == - We will discuss "" on - - Questions to ask and goals to have: - What aspects of the paper are questionable? - Are there immediate actions we can take based on this work? - Are there long-term actions we can take based on this work? - Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - - Something you need help with. cecylia (cohosh): last updated 2022-11-24 - Last week: - - wrote a fix to make go fmt CI more verbose (snowflake!122) - This week: - - continue work on conjure client - - more work on reputation-based bridge dist - - fixup snowflake!108 - Needs help with: dcf: 2022-12-14 - Last week: - - made the number of KCP state machines a command-line option and merged it https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - brought the snowflake bridge installation guide up to date with current settings https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Gui… - - deployed current performance settings on snowflake-02 bridge - - changed srcaddr in extor-static-cookie to a transport option from a command-line option, like in snowflake-server https://gitlab.torproject.org/dcf/extor-static-cookie/-/commit/61e0684e40f8… - - had the IP addresses of snowflake-02 added to DDoS mitigation scripts https://github.com/steinex/tor-ddos/issues/2 https://github.com/Enkidu-6/tor-relay-lists/issues/2 - - opened an issue for a duplicate flag name in snowflake-server https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - - started an experiment to increase the size of the conntrack table on snowflake-01 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - Next week: - - make obfs4 distinguishability reports public - - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… - - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 - - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 - Help with: meskio: 2022-12-15 Last week: - figure out why onionsproutsbot freezees in our server (onionsproutsbot#47) - add support for multiple shim-tokens for moat (rdsys#118) - remove unused DKIM header verification from BridgeDB (bridgedb!51) - catching up with outreachy duties Next week: - add localization support to rdsys (rdsys#11) - make onionsproutsbot work in systemd (onionsproutsbot#47) - poke outdated bridge operators (obfs4#40008) Shelikhoo: 2022-12-08 Last Week: - - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - - [Discussion & Deployment] Rollout of Distributed Snowflake Support - - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request] Update to support chunked upload of probe log(https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurem… - [Merge Request] Add Resumable Upload to Log Collector (https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/…) Next Week: - - [Research] WebTunnel planning (Continue) - Itchy Onion: 2022-12-15 Last week: - - worked on RACE performance issue - [Merge Request Done] "Abbreviate `ice` list in bridge lines" - reviewed some MRs This week: - - Work on the RACE performance issue - - [Merge Request Done] Fix duplicate snowflake server flag - - Work on adding Outbound address option to snwoflake server hackerncoder: 2022-12-15 last week/earlier this week: - worked on ooni-exporter https://gitlab.torproject.org/hackerncoder/ooni-exporter Next week/later this week: - getting ooni-exporter setup on a personal server - getting ooni-exporter to work with torsf (snowflake) - work on monitoring bridges health

1 0

Anti-censorship team meeting notes, 2022-12-08
by Shelikhoo 08 Dec '22

08 Dec '22

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-12-08-15.58.html <http://meetbot.debian.net/tor-meeting/2022/tor-meeting.2022-03-31-15.59.html> And our meeting pad: Anti-censorship work meeting pad -------------------------------- Next meeting: Thursday, Dec 15 16:00 UTC Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap: https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from sponsors, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Sponsor 28 * must-do tickets: https://gitlab.torproject.org/groups/tpo/-/milestones/10 * possible tickets: https://gitlab.torproject.org/groups/tpo/-/issues?scope=all&utf8=%E2%9C%93&… * Sponsor 96 * https://gitlab.torproject.org/groups/tpo/-/milestones/24 == Announcements == * Cece is the new Outreachy intern working on Rdsys (adding a new social media platform) until March 5th! Please welcome her to the team! * No meetings December 29 neither January 5. We'll be AFK Dec 22 - Jan 7 * Tor Browser 12.0 has the snowflake-02 bridge * https://blog.torproject.org/new-release-tor-browser-120/ * https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F578… == Discussion == * snowflake-02 is live in TB 12 * not in Orbot yet * plan to see how things go in Tor Browser, bring it up with Orbot in sponsor 96 meeting in January 2023 * make obfs4 distinguishability reports public? * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 * we were waiting for a threshold of 50% of bridges to upgrade * some emails to gmail.com in the last batch of notifications bounced (https://lists.torproject.org/pipermail/tor-project/2022-December/003519.html) * we'll send one more batch of notifications, then plan to make public after the break on 2023-01-09 * does ajax.aspnetcdn.com still work in turkmenistan?? * it might be working, and we only use it for meek * snowflake uses cdn.sstatic.net * curl and dig tests are not showing injection for ajax.aspnetcdn.com nor cdn.sstatic.net from outside (https://github.com/net4people/bbs/issues/80#issuecomment-906533865) * rwails and NRL working on a new pluggable transport * any compatibility issues between C-tor and Arti? probably not. * how to run a PT in arti: https://gitlab.torproject.org/tpo/core/arti/-/issues/333 == Actions == == Interesting links == * https://ntc.party/t/ajax-aspnetcdn-com/3571 * Reported block of ajax.aspnetcdn.com in Russia, by TSPU, since mid-November? * https://explorer.ooni.org/chart/mat?probe_cc=RU&test_name=web_connectivity&… == Reading group == * We will discuss "" on * * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): last updated 2022-11-24 Last week: - wrote a fix to make go fmt CI more verbose (snowflake!122) This week: - continue work on conjure client - more work on reputation-based bridge dist - fixup snowflake!108 Needs help with: dcf: 2022-12-08 Last week: - disabled non-WireGuard SSH access to snowflake-02 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - merged some snowflake-server performance improvements, thanks itchyonion - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - asked to have snowflake-01's other IP addresses excepted in DDoS mitigation scripts https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - performance tuning on snowflake-02 bridge - make obfs4 distinguishability reports public - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/obfs… - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/91 - document recent performance optimizations in Snowflake bridge installation guide - have snowflake-02's outgoing IP address added to DDoS mitigation scripts - make the number of KCP state machines a command-line option https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - migrate goptlib to gitlab https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86#note_282… - try Conjure PT development version https://forum.torproject.net/t/tor-dev-introducing-a-conjure-pt-for-tor/4429 Help with: meskio: 2022-12-08 Last week: - update gettor/onionsproutsbot for the Tor Browser release - investigate why systemd freezes onionsproutsbot (onionsproutsbot#47) - some bridges appear offline in metrics.tpo (team#112) - support onbasca attempts to test bridge speed (onbasca#130) - onboard our outreachy intern - review merge request to use a different network on docker bridge images (docker-obfs4-proxy!10) Next week: - add localization support to rdsys Shelikhoo: 2022-12-08 Last Week: - [Merge Request Awaiting] Add SOCKS5 forward proxy support to snowflake (snowflake!64) - [Discussion & Deployment] Rollout of Distributed Snowflake Support - [Coding & Deployment] Proposal: Centralized Probe Result Collector (anti-censorship/team#54) - [Research] HTTPT Planning https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/http… - [Merge Request Done] Get Webtunnel to build together with tor browser - [Merge Request Done] fix "utls RoundTripper does not work when it is supposed to use HTTP/1" Next Week: - [Research] WebTunnel planning (Continue) - [Coding] More Reliable Raw Log Upload For log collector Itchy Onion: 2022-11-24 Last week: - continue working on snowflake in RACE; it passes one of the integration tests, but fails the second one with heavier load - worked on "Abbreviate `ice` list in bridge lines" (interruptted by RACE test results) This week: - continue working on snowflake in RACE; trying to cut down the number of times snowflake peers establish connection bc it's expensive (right now multiple connections are needed for messages between the same hosts) - review some MRs

1 0

Applications team no longer updating gitolite repos
by Richard Pospesel 06 Dec '22

06 Dec '22

Hi everyone, With the 12.0 release almost out the door, the applications team will no longer be pushing commits to our git.torproject.org (gitolite) repos. All future code updates will only be pushed to our various gitlab.torproject.org (Gitlab) repos. best, -Richard

1 0

minutes from the sysadmin meeting
by Antoine Beaupré 06 Dec '22

06 Dec '22

Here's your monthly microdose of sysadmin news, happy holidays for people that have them... # Roll call: who's there and emergencies the usual fires. anarcat, kez, lavamind present. # Dashboard review Normal per-user check-in: * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… General dashboards: * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards # 2023 roadmap discussion Discuss and adopt TPA-RFC-42: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-42-roadma… https://gitlab.torproject.org/tpo/tpa/team/-/issues/40924 Revised proposal: * do the bookworm upgrades, this includes: * puppet server 7 * puppet agent 7 * plan would be: * Q1-Q2: deploy new machines with bookworm * Q1-Q4: upgrade existing machines to bookworm * email services improvements (TPA-RFC-44 2nd generation) * upgrade Schleuder and Mailman * self-hosting Discourse? * complete the cymru migration (e.g. execute TPA-RFC-40) * retire gitolite/gitweb (e.g. execute TPA-RFC-36) * retire SVN (e.g. execute TPA-RFC-11) * monitoring system overhaul (TPA-RFC-33) * deploy a Puppet CI Meeting on wednesday for the web stuff. Proposal adopted. Worries about our capacity at hosting email, some of the concerns are shared inside the team, but there doesn't seem to be many other options for the scale we're working at. # Holidays confirmation Confirmed people's dates of availability for the holidays. # Next meeting January 9th. # Metrics of the month * hosts in Puppet: 94, LDAP: 94, Prometheus exporters: 163 * number of Apache servers monitored: 31, hits per second: 744 * number of self-hosted nameservers: 6, mail servers: 9 * pending upgrades: 0, reboots: 4 * average load: 0.83, memory available: 4.46 TiB/5.74 TiB, running processes: 745 * disk free/total: 33.12 TiB/92.27 TiB * bytes sent: 404.70 MB/s, received: 230.86 MB/s * planned bullseye upgrades completion date: 2022-11-16, AKA "suspicious completion time in the past, data may be incomplete" * [GitLab tickets][]: 183 tickets including... * open: 0 * icebox: 152 * backlog: 14 * next: 9 * doing: 5 * needs information: 3 * (closed: 2954) [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye/ Now also available as the main Grafana dashboard. Head to <https://grafana.torproject.org/>, change the time period to 30 days, and wait a while for results to render. # Number of the month Three hundred thousand. The number of subscribers to the Tor newsletter (!). -- Antoine Beaupré torproject.org system administration

1 0